annotate docs/readme.rst @ 7547:a8d873e9cab0

compare: prevent XSS due to unescaped branch/tag/bookmark names

In the revision selection dropdown of the 'Compare' functionality, the branch/tag/bookmark names were not correctly escaped. This means that if an attacker is able to push a branch/tag/bookmark containing HTML/JavaScript in its name, then that code would be evaluated. This is a cross-site scripting (XSS) vulnerability.

Fix the problem by correctly escaping the branch/tag/bookmarks.

author Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
date Tue, 26 Feb 2019 21:27:42 +0100
parents 03bbd33bc084
children
rev   line  source
4902  1     .. _readme:
4902  2
4902  3     .. include:: ./../README.rst

4902: 03bbd33bc084 docs: rework stuff, Mads Kiilerich <madski@unity3d.com>